I found a website for a course exercise that included the file format of a tcdump.out file: http://www.cs.huji.ac.il/course/2003...ex3/format.txt
However, if what you want to do is not publish the actual code of the worm in your paper, then replacing the text in the latex source of your paper, for example, might be a better way of doing things.
Otherwise, you may need to resort to reading the source code for tcpdump to discover the exact format used. Part of the answer, such as endianess, may depend on the machine that sent the payload in the first place, according to some of the descriptions I read trying to google for an answer. Plus the payload packets themselves could have been split up by a router along the way, so I think that different samples of the same worm could have different patterns, due to the differing length of the packets used to send it.
If you add to that whether your tcpdump file is compressed, it may be better working with a text formatted version of your dumpfile rather than trying to replace bit patterns in the tcpdump file.